Date: Sun, 25 Jan 2009 09:35:04 -0800
Subject: Re: [gentoo-hardened] RLIMIT_MEMLOCK but can't paxctl -m
From: Grant
To: gentoo-hardened@lists.gentoo.org

> PaX flags only marks elf files not scripts.

Is there anything I can do about the "denied resource overstep by
requesting 135168 for RLIMIT_MEMLOCK"?

- Grant

>>> can you put the output of file /usr/bin/miro?
>>
>> That file is just:
>>
>> #!/bin/sh
>> miro.real "$@"
>>
>> and /usr/bin/miro.real is a python script.
>>
>> - Grant
>>
>>
>>>> I'm getting:
>>>>
>>>> grsec: denied resource overstep by requesting 135168 for
>>>> RLIMIT_MEMLOCK against limit 32768 for
>>>> /usr/bin/miro.real[miro.real:12965] uid/euid:1000/1000
>>>> gid/egid:100/100, parent /usr/bin/miro[miro:12964] uid/euid:1000/1000
>>>> gid/egid:100/100
>>>>
>>>> but both 'paxctl -m /usr/bin/miro' and 'paxctl -m /usr/bin/miro.real'
>>>> return "file is not a valid ELF executable". Am I using the wrong
>>>> command?
>>>>
>>>> - Grant
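
Added example, not part of the original thread: because PaX flags exist only on ELF files, this sketch follows a script's "#!" line until it reaches the ELF binary that actually runs it. The function names (is_elf, shebang_interp, resolve_elf) and the hop limit of 5 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find the ELF binary that actually executes a script.

# is_elf FILE: succeed if FILE begins with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    [ -r "$1" ] || return 1
    [ "$(od -An -tx1 -N4 < "$1" | tr -d ' \n')" = "7f454c46" ]
}

# shebang_interp FILE: print the interpreter named on a "#!" first line.
# For "#!/usr/bin/env NAME" print where NAME resolves on PATH, since env
# only execs NAME; env options such as -S are not handled (assumption).
shebang_interp() {
    IFS= read -r line < "$1" || [ -n "$line" ] || return 1
    case $line in '#!'*) line=${line#'#!'} ;; *) return 1 ;; esac
    set -f; set -- $line; set +f      # split into words without globbing
    [ -n "$1" ] || return 1
    if [ "${1##*/}" = env ] && [ -n "$2" ]; then
        command -v "$2"
    else
        printf '%s\n' "$1"
    fi
}

# resolve_elf FILE: print the first ELF file reached from FILE by following
# "#!" lines. Fails for unreadable files, files that are neither ELF nor
# scripts, and chains longer than 5 hops (illustrative guard against loops).
resolve_elf() {
    f=$1
    hops=0
    while [ "$hops" -lt 5 ]; do
        [ -r "$f" ] || return 1
        if is_elf "$f"; then
            printf '%s\n' "$f"
            return 0
        fi
        f=$(shebang_interp "$f") || return 1
        hops=$((hops + 1))
    done
    return 1
}

# Stand-alone use: sh resolve_elf.sh /usr/bin/miro.real
if [ "$#" -gt 0 ]; then
    resolve_elf "$1"
fi
```

The printed path is the file whose flags `paxctl -v` can display; the wrapper and the Python script themselves carry no PaX flags.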